Versions in this module Expand all Collapse all v0 v0.2.0 Apr 23, 2026 Changes in this version
+ var MembershipCacheServiceErrorIsTransient = func(err error) bool
+ func ComputeContentHash(content []byte) string
+ func GenerateBundleVersion(timestamp time.Time, contentHash string) string
+ type AddGroupMemberInput struct
+ GroupID string
+ Role string
+ UserID shared.ID
+ type AddPermissionToSetInput struct
+ ModificationType string
+ PermissionID string
+ PermissionSetID string
+ type AssignAssetInput struct
+ AssetID string
+ GroupID string
+ OwnershipType string
+ type AssignPermissionSetInput struct
+ GroupID string
+ PermissionSetID string
+ type AssignRoleInput struct
+ RoleID string
+ TenantID string
+ UserID string
+ type BulkAssignAssetsInput struct
+ AssetIDs []string
+ GroupID string
+ OwnershipType string
+ type BulkAssignAssetsResult struct
+ FailedAssets []string
+ FailedCount int
+ SuccessCount int
+ type BulkAssignRoleToUsersInput struct
+ RoleID string
+ TenantID string
+ UserIDs []string
+ type BulkAssignRoleToUsersResult struct
+ FailedCount int
+ FailedUsers []string
+ SuccessCount int
+ type CachedMembership struct
+ ID string
+ JoinedAt time.Time
+ Role string
+ Status string
+ type CompleteBundleInput struct
+ BundleID string
+ ContentHash string
+ ExpiresAt *string
+ RuleCount int
+ SizeBytes int64
+ SourceCount int
+ SourceHashes map[string]string
+ Version string
+ type CreateBundleInput struct
+ SourceIDs []string
+ StoragePath string
+ TenantID string
+ ToolID string
+ type CreateGroupInput struct
+ Description string
+ GroupType string
+ Name string
+ NotificationConfig *groupdom.NotificationConfig
+ Settings *groupdom.GroupSettings
+ Slug string
+ TenantID string
+ type CreateGroupPermissionInput struct
+ Effect string
+ GroupID string
+ PermissionID string
+ type CreateOverrideInput struct
+ AssetGroupID string
+ CreatedBy string
+ Enabled bool
+ ExpiresAt *string
+ IsPattern bool
+ Reason string
+ RulePattern string
+ ScanProfileID string
+ SeverityOverride string
+ TenantID string
+ ToolID string
+ type CreatePermissionSetInput struct
+ Description string
+ Name string
+ ParentSetID *string
+ Permissions []string
+ SetType string
+ Slug string
+ TenantID string
+ type CreateRoleInput struct
+ Description string
+ HasFullDataAccess bool
+ HierarchyLevel int
+ Name string
+ Permissions []string
+ Slug string
+ TenantID string
+ type CreateSourceInput struct
+ Config []byte
+ CredentialsID string
+ Description string
+ Name string
+ Priority int
+ SourceType string
+ SyncEnabled bool
+ SyncIntervalMinutes int
+ TenantID string
+ ToolID string
+ type GroupCounts struct
+ AssetCount int
+ MemberCount int
+ type GroupService struct
+ func NewGroupService(repo groupdom.Repository, log *logger.Logger, opts ...GroupServiceOption) *GroupService
+ func (s *GroupService) AddMember(ctx context.Context, input AddGroupMemberInput, actx auditapp.AuditContext) (*groupdom.Member, error)
+ func (s *GroupService) AssignAsset(ctx context.Context, input AssignAssetInput, assignedBy shared.ID, ...) error
+ func (s *GroupService) AssignPermissionSet(ctx context.Context, input AssignPermissionSetInput, assignedBy shared.ID, ...) error
+ func (s *GroupService) BulkAssignAssets(ctx context.Context, input BulkAssignAssetsInput, assignedBy shared.ID, ...) (*BulkAssignAssetsResult, error)
+ func (s *GroupService) CanAccessAsset(ctx context.Context, userID shared.ID, assetID string) (bool, error)
+ func (s *GroupService) CountUniqueMembers(ctx context.Context, groups []*groupdom.Group) (int, error)
+ func (s *GroupService) CreateGroup(ctx context.Context, input CreateGroupInput, creatorUserID shared.ID, ...) (*groupdom.Group, error)
+ func (s *GroupService) DeleteGroup(ctx context.Context, groupID string, actx auditapp.AuditContext) error
+ func (s *GroupService) GetGroup(ctx context.Context, groupID string) (*groupdom.Group, error)
+ func (s *GroupService) GetGroupBySlug(ctx context.Context, tenantID, slug string) (*groupdom.Group, error)
+ func (s *GroupService) GetGroupCounts(ctx context.Context, groups []*groupdom.Group) (map[shared.ID]GroupCounts, error)
+ func (s *GroupService) GetGroupSecure(ctx context.Context, tenantID, groupID string) (*groupdom.Group, error)
+ func (s *GroupService) ListAssetOwners(ctx context.Context, assetID string) ([]*accesscontroldom.AssetOwner, error)
+ func (s *GroupService) ListGroupAssets(ctx context.Context, groupID string, limit, offset int) ([]*accesscontroldom.AssetOwnerWithAsset, int64, error)
+ func (s *GroupService) ListGroupMembers(ctx context.Context, groupID string) ([]*groupdom.Member, error)
+ func (s *GroupService) ListGroupMembersWithUserInfo(ctx context.Context, groupID string, limit, offset int) ([]*groupdom.MemberWithUser, int64, error)
+ func (s *GroupService) ListGroupPermissionSets(ctx context.Context, groupID string) ([]shared.ID, error)
+ func (s *GroupService) ListGroupPermissionSetsWithDetails(ctx context.Context, groupID string) ([]*permissionsetdom.PermissionSetWithItems, error)
+ func (s *GroupService) ListGroups(ctx context.Context, input ListGroupsInput) (*ListGroupsOutput, error)
+ func (s *GroupService) ListMyAssets(ctx context.Context, tenantID string, userID shared.ID) ([]shared.ID, error)
+ func (s *GroupService) ListUserGroups(ctx context.Context, tenantID string, userID shared.ID) ([]*groupdom.GroupWithRole, error)
+ func (s *GroupService) RemoveMember(ctx context.Context, groupID string, userID shared.ID, ...) error
+ func (s *GroupService) SetNotificationService(ns *integration.NotificationService)
+ func (s *GroupService) UnassignAsset(ctx context.Context, input UnassignAssetInput, actx auditapp.AuditContext) error
+ func (s *GroupService) UnassignPermissionSet(ctx context.Context, groupID, permissionSetID string, ...) error
+ func (s *GroupService) UpdateAssetOwnership(ctx context.Context, input UpdateAssetOwnershipInput, ...) error
+ func (s *GroupService) UpdateGroup(ctx context.Context, groupID string, input UpdateGroupInput, ...) (*groupdom.Group, error)
+ func (s *GroupService) UpdateMemberRole(ctx context.Context, input UpdateGroupMemberRoleInput, ...) (*groupdom.Member, error)
+ type GroupServiceOption func(*GroupService)
+ func WithAccessControlRepository(repo accesscontroldom.Repository) GroupServiceOption
+ func WithGroupAuditService(auditService *auditapp.AuditService) GroupServiceOption
+ func WithPermissionSetRepository(repo permissionsetdom.Repository) GroupServiceOption
+ type GroupSyncService struct
+ func NewGroupSyncService(groupRepo groupdom.Repository, log *logger.Logger) *GroupSyncService
+ func (s *GroupSyncService) SyncAll(ctx context.Context, tenantID shared.ID) error
+ func (s *GroupSyncService) SyncFromProvider(ctx context.Context, tenantID shared.ID, provider string, ...) error
+ type ListBundlesInput struct
+ Status string
+ TenantID string
+ ToolID string
+ type ListGroupsInput struct
+ GroupType *string
+ IsActive *bool
+ Limit int
+ Offset int
+ Search string
+ TenantID string
+ type ListGroupsOutput struct
+ Groups []*groupdom.Group
+ TotalCount int64
+ type ListOverridesInput struct
+ AssetGroupID string
+ Enabled *bool
+ Page int
+ PerPage int
+ ScanProfileID string
+ TenantID string
+ ToolID string
+ type ListPermissionSetsInput struct
+ IncludeSystem bool
+ IsActive *bool
+ Limit int
+ Offset int
+ Search string
+ SetType *string
+ TenantID string
+ type ListPermissionSetsOutput struct
+ PermissionSets []*permissionsetdom.PermissionSet
+ TotalCount int64
+ type ListRulesInput struct
+ Category string
+ Page int
+ PerPage int
+ RuleIDs []string
+ Search string
+ Severity string
+ SourceID string
+ Tags []string
+ TenantID string
+ ToolID string
+ type ListSourcesInput struct
+ Enabled *bool
+ IsPlatformDefault *bool
+ Page int
+ PerPage int
+ Search string
+ SourceType string
+ SyncStatus string
+ TenantID string
+ ToolID string
+ type MembershipCacheService struct
+ func NewMembershipCacheService(redisClient *redis.Client, repo tenant.Repository, log *logger.Logger) (*MembershipCacheService, error)
+ func (s *MembershipCacheService) GetMembership(ctx context.Context, userID shared.ID, tenantID shared.ID) (*tenant.Membership, error)
+ func (s *MembershipCacheService) Invalidate(ctx context.Context, tenantID, userID string)
+ func (s *MembershipCacheService) InvalidateForTenant(ctx context.Context, tenantID string)
+ type PermissionCacheService struct
+ func NewPermissionCacheService(redisClient *redis.Client, roleRepo roledom.Repository, ...) (*PermissionCacheService, error)
+ func (s *PermissionCacheService) GetPermissions(ctx context.Context, tenantID, userID string) ([]string, error)
+ func (s *PermissionCacheService) GetPermissionsWithFallback(ctx context.Context, tenantID, userID string) ([]string, error)
+ func (s *PermissionCacheService) HasAllPermissions(ctx context.Context, tenantID, userID string, permissions ...string) (bool, error)
+ func (s *PermissionCacheService) HasAnyPermission(ctx context.Context, tenantID, userID string, permissions ...string) (bool, error)
+ func (s *PermissionCacheService) HasPermission(ctx context.Context, tenantID, userID, permission string) (bool, error)
+ func (s *PermissionCacheService) Invalidate(ctx context.Context, tenantID, userID string)
+ func (s *PermissionCacheService) InvalidateForTenant(ctx context.Context, tenantID string)
+ func (s *PermissionCacheService) InvalidateForUsers(ctx context.Context, tenantID string, userIDs []string)
+ func (s *PermissionCacheService) Refresh(ctx context.Context, tenantID, userID string) ([]string, error)
+ type PermissionService struct
+ func NewPermissionService(permissionSetRepo permissionsetdom.Repository, log *logger.Logger, ...) *PermissionService
+ func (s *PermissionService) AddPermissionToSet(ctx context.Context, input AddPermissionToSetInput, actx auditapp.AuditContext) error
+ func (s *PermissionService) CreateGroupPermission(ctx context.Context, input CreateGroupPermissionInput, createdBy shared.ID, ...) (*accesscontroldom.GroupPermission, error)
+ func (s *PermissionService) CreatePermissionSet(ctx context.Context, input CreatePermissionSetInput, ...) (*permissionsetdom.PermissionSet, error)
+ func (s *PermissionService) DeleteGroupPermission(ctx context.Context, groupID, permissionID string, actx auditapp.AuditContext) error
+ func (s *PermissionService) DeletePermissionSet(ctx context.Context, permissionSetID string, actx auditapp.AuditContext) error
+ func (s *PermissionService) GetPermissionSet(ctx context.Context, permissionSetID string) (*permissionsetdom.PermissionSet, error)
+ func (s *PermissionService) GetPermissionSetWithItems(ctx context.Context, permissionSetID string) (*permissionsetdom.PermissionSetWithItems, error)
+ func (s *PermissionService) HasAllPermissions(ctx context.Context, tenantID string, userID shared.ID, ...) (bool, error)
+ func (s *PermissionService) HasAnyPermission(ctx context.Context, tenantID string, userID shared.ID, ...) (bool, error)
+ func (s *PermissionService) HasPermission(ctx context.Context, tenantID string, userID shared.ID, ...) (bool, error)
+ func (s *PermissionService) ListGroupCustomPermissions(ctx context.Context, groupID string) ([]*accesscontroldom.GroupPermission, error)
+ func (s *PermissionService) ListPermissionSets(ctx context.Context, input ListPermissionSetsInput) (*ListPermissionSetsOutput, error)
+ func (s *PermissionService) RemovePermissionFromSet(ctx context.Context, permissionSetID, permissionID string, ...) error
+ func (s *PermissionService) ResolveGroupPermissions(ctx context.Context, groupID string) ([]permissiondom.Permission, error)
+ func (s *PermissionService) ResolveUserPermissions(ctx context.Context, tenantID string, userID shared.ID) ([]permissiondom.Permission, error)
+ func (s *PermissionService) ResolveUserPermissionsWithCount(ctx context.Context, tenantID string, userID shared.ID) ([]permissiondom.Permission, int, error)
+ func (s *PermissionService) UpdatePermissionSet(ctx context.Context, permissionSetID string, input UpdatePermissionSetInput, ...) (*permissionsetdom.PermissionSet, error)
+ type PermissionServiceOption func(*PermissionService)
+ func WithPermissionAccessControlRepository(repo accesscontroldom.Repository) PermissionServiceOption
+ func WithPermissionAuditService(auditService *auditapp.AuditService) PermissionServiceOption
+ func WithPermissionGroupRepository(repo groupdom.Repository) PermissionServiceOption
+ type PermissionVersionService struct
+ func NewPermissionVersionService(redisClient *redis.Client, log *logger.Logger) *PermissionVersionService
+ func (s *PermissionVersionService) Delete(ctx context.Context, tenantID, userID string) error
+ func (s *PermissionVersionService) EnsureVersion(ctx context.Context, tenantID, userID string) int
+ func (s *PermissionVersionService) Get(ctx context.Context, tenantID, userID string) int
+ func (s *PermissionVersionService) Increment(ctx context.Context, tenantID, userID string) int
+ func (s *PermissionVersionService) IncrementForUsers(ctx context.Context, tenantID string, userIDs []string)
+ func (s *PermissionVersionService) Set(ctx context.Context, tenantID, userID string, version int) error
+ type RoleService struct
+ func NewRoleService(roleRepo roledom.Repository, permissionRepo roledom.PermissionRepository, ...) *RoleService
+ func (s *RoleService) AssignRole(ctx context.Context, input AssignRoleInput, assignedBy string, ...) error
+ func (s *RoleService) BulkAssignRoleToUsers(ctx context.Context, input BulkAssignRoleToUsersInput, assignedBy string, ...) (*BulkAssignRoleToUsersResult, error)
+ func (s *RoleService) CountUsersWithRole(ctx context.Context, roleID string) (int, error)
+ func (s *RoleService) CreateRole(ctx context.Context, input CreateRoleInput, createdBy string, ...) (*roledom.Role, error)
+ func (s *RoleService) DeleteRole(ctx context.Context, roleID string, actx auditapp.AuditContext) error
+ func (s *RoleService) GetRole(ctx context.Context, roleID string) (*roledom.Role, error)
+ func (s *RoleService) GetRoleBySlug(ctx context.Context, tenantID *string, slug string) (*roledom.Role, error)
+ func (s *RoleService) GetUserPermissions(ctx context.Context, tenantID, userID string) ([]string, error)
+ func (s *RoleService) GetUserRoles(ctx context.Context, tenantID, userID string) ([]*roledom.Role, error)
+ func (s *RoleService) GetUsersRoles(ctx context.Context, tenantID string, userIDs []string) (map[string][]*roledom.Role, error)
+ func (s *RoleService) HasFullDataAccess(ctx context.Context, tenantID, userID string) (bool, error)
+ func (s *RoleService) HasPermission(ctx context.Context, tenantID, userID, permission string) (bool, error)
+ func (s *RoleService) ListModulesWithPermissions(ctx context.Context) ([]*roledom.Module, error)
+ func (s *RoleService) ListPermissions(ctx context.Context) ([]*roledom.Permission, error)
+ func (s *RoleService) ListRoleMembers(ctx context.Context, tenantID, roleID string) ([]*roledom.UserRole, error)
+ func (s *RoleService) ListRolesForTenant(ctx context.Context, tenantID string) ([]*roledom.Role, error)
+ func (s *RoleService) ListSystemRoles(ctx context.Context) ([]*roledom.Role, error)
+ func (s *RoleService) RemoveRole(ctx context.Context, tenantID, userID, roleID string, ...) error
+ func (s *RoleService) SetUserRoles(ctx context.Context, input SetUserRolesInput, assignedBy string, ...) error
+ func (s *RoleService) UpdateRole(ctx context.Context, roleID string, input UpdateRoleInput, ...) (*roledom.Role, error)
+ type RoleServiceOption func(*RoleService)
+ func WithRoleAuditService(auditService *auditapp.AuditService) RoleServiceOption
+ func WithRolePermissionCacheService(svc *PermissionCacheService) RoleServiceOption
+ func WithRolePermissionVersionService(svc *PermissionVersionService) RoleServiceOption
+ type RuleService struct
+ func NewRuleService(sourceRepo ruledom.SourceRepository, ruleRepo ruledom.RuleRepository, ...) *RuleService
+ func (s *RuleService) CleanupExpiredBundles(ctx context.Context) (int64, error)
+ func (s *RuleService) CompleteBundle(ctx context.Context, input CompleteBundleInput) (*ruledom.Bundle, error)
+ func (s *RuleService) CountRulesBySource(ctx context.Context, sourceID string) (int, error)
+ func (s *RuleService) CreateBundle(ctx context.Context, input CreateBundleInput) (*ruledom.Bundle, error)
+ func (s *RuleService) CreateOverride(ctx context.Context, input CreateOverrideInput) (*ruledom.Override, error)
+ func (s *RuleService) CreateSource(ctx context.Context, input CreateSourceInput) (*ruledom.Source, error)
+ func (s *RuleService) DeleteBundle(ctx context.Context, bundleID string) error
+ func (s *RuleService) DeleteOverride(ctx context.Context, tenantID, overrideID string) error
+ func (s *RuleService) DeleteSource(ctx context.Context, tenantID, sourceID string) error
+ func (s *RuleService) DisableSource(ctx context.Context, tenantID, sourceID string) (*ruledom.Source, error)
+ func (s *RuleService) EnableSource(ctx context.Context, tenantID, sourceID string) (*ruledom.Source, error)
+ func (s *RuleService) FailBundle(ctx context.Context, bundleID, errorMessage string) (*ruledom.Bundle, error)
+ func (s *RuleService) GetBundleByID(ctx context.Context, bundleID string) (*ruledom.Bundle, error)
+ func (s *RuleService) GetLatestBundle(ctx context.Context, tenantID, toolID string) (*ruledom.Bundle, error)
+ func (s *RuleService) GetOverride(ctx context.Context, overrideID string) (*ruledom.Override, error)
+ func (s *RuleService) GetOverrideByTenantAndID(ctx context.Context, tenantID, overrideID string) (*ruledom.Override, error)
+ func (s *RuleService) GetRule(ctx context.Context, ruleID string) (*ruledom.Rule, error)
+ func (s *RuleService) GetSource(ctx context.Context, sourceID string) (*ruledom.Source, error)
+ func (s *RuleService) GetSourceByTenantAndID(ctx context.Context, tenantID, sourceID string) (*ruledom.Source, error)
+ func (s *RuleService) GetSyncHistory(ctx context.Context, sourceID string, limit int) ([]*ruledom.SyncHistory, error)
+ func (s *RuleService) ListActiveOverridesForTool(ctx context.Context, tenantID string, toolID *string) ([]*ruledom.Override, error)
+ func (s *RuleService) ListBundles(ctx context.Context, input ListBundlesInput) ([]*ruledom.Bundle, error)
+ func (s *RuleService) ListOverrides(ctx context.Context, input ListOverridesInput) (pagination.Result[*ruledom.Override], error)
+ func (s *RuleService) ListRules(ctx context.Context, input ListRulesInput) (pagination.Result[*ruledom.Rule], error)
+ func (s *RuleService) ListRulesBySource(ctx context.Context, sourceID string) ([]*ruledom.Rule, error)
+ func (s *RuleService) ListSources(ctx context.Context, input ListSourcesInput) (pagination.Result[*ruledom.Source], error)
+ func (s *RuleService) ListSourcesNeedingSync(ctx context.Context, limit int) ([]*ruledom.Source, error)
+ func (s *RuleService) RecordSyncResult(ctx context.Context, sourceID string, result *SyncResult) error
+ func (s *RuleService) UpdateOverride(ctx context.Context, input UpdateOverrideInput) (*ruledom.Override, error)
+ func (s *RuleService) UpdateSource(ctx context.Context, input UpdateSourceInput) (*ruledom.Source, error)
+ func (s *RuleService) UpsertRulesFromSync(ctx context.Context, rules []*ruledom.Rule) error
+ type SetUserRolesInput struct
+ RoleIDs []string
+ TenantID string
+ UserID string
+ type SyncResult struct
+ Duration time.Duration
+ ErrorDetails map[string]any
+ ErrorMessage string
+ NewContentHash string
+ PreviousHash string
+ RulesAdded int
+ RulesRemoved int
+ RulesUpdated int
+ Status ruledom.SyncStatus
+ type SyncSourceInput struct
+ SourceID string
+ TenantID string
+ type UnassignAssetInput struct
+ AssetID string
+ GroupID string
+ type UpdateAssetOwnershipInput struct
+ AssetID string
+ GroupID string
+ OwnershipType string
+ type UpdateGroupInput struct
+ Description *string
+ IsActive *bool
+ Name *string
+ NotificationConfig *groupdom.NotificationConfig
+ Settings *groupdom.GroupSettings
+ Slug *string
+ type UpdateGroupMemberRoleInput struct
+ GroupID string
+ Role string
+ UserID shared.ID
+ type UpdateOverrideInput struct
+ AssetGroupID string
+ Enabled *bool
+ ExpiresAt *string
+ IsPattern *bool
+ OverrideID string
+ Reason string
+ RulePattern string
+ ScanProfileID string
+ SeverityOverride string
+ TenantID string
+ type UpdatePermissionSetInput struct
+ Description *string
+ IsActive *bool
+ Name *string
+ type UpdateRoleInput struct
+ Description *string
+ HasFullDataAccess *bool
+ HierarchyLevel *int
+ Name *string
+ Permissions []string
+ type UpdateSourceInput struct
+ Config []byte
+ CredentialsID string
+ Description string
+ Enabled *bool
+ Name string
+ Priority int
+ SourceID string
+ SyncEnabled *bool
+ SyncIntervalMinutes int
+ TenantID string
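Review bot: Several methods added here take only a resource ID and no tenant, while tenant-scoped variants of the same lookup sit next to them: `GetGroup` beside `GetGroupSecure`, `GetSource` beside `GetSourceByTenantAndID`, `GetOverride` beside `GetOverrideByTenantAndID`, and `GetRule`, `GetBundleByID` and `DeleteBundle` have no scoped counterpart at all. Only signatures are visible in this listing, so the tenant may be derived from `ctx` or checked by the caller, but if it is not, a handler that passes a request-supplied ID to the unscoped form can return or modify a record owned by another tenant. I would state the contract in each unscoped method's doc comment, for example `// GetGroup does not verify tenant ownership; request handlers must use GetGroupSecure.`, and mark the unscoped getters `// Deprecated:` in favour of the scoped form if nothing internal needs them. A test that calls each scoped method with a mismatched tenantID and expects a not-found error would pin the isolation boundary.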